ashelmire.bsky.social
@ashelmire.bsky.social
The team recently researched a few attack tools with Microsoft 365, and detailed what can and can’t be detected. A lot of recon activity and failed attempts that you may think are available aren’t.
The Invisible Enemy: Unmasking Microsoft 365’s Logging Blind Spots
www.abstract.security
April 23, 2025 at 11:14 AM
As more tech infrastructure moves to SaaS and cloud-based apps, traditional analysis fundamentals require a deeper inspection. This is a great example where Microsoft 365 SharePoint logs show the original user's ClientIPAddress AND Microsoft IPs that M365 web apps are routing through.
What's up with all that Impossible Travel in SharePoint?
Differentiating between real IPs and Microsoft datacenters in SharePoint logs. Hugely important for incident investigations.
petrasecurity.substack.com
March 22, 2025 at 5:59 PM
Been seeing AWS API calls, specifically EKS scaling calls, take 2-4x longer than normal today. Anyone else? Possibly Black Friday related?
November 30, 2024 at 1:36 AM